Vulnerability Details CVE-2022-24446
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.9%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 3.5
References
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2022-24446
- https://excellium-services.com/cert-xlm-advisory/cve-2022-24446/
- https://www.manageengine.com/key-manager/release-notes.html#6200
- https://excellium-services.com/cert-xlm-advisory/cve-2022-24446/
- https://www.manageengine.com/key-manager/release-notes.html#6200
Products affected by CVE-2022-24446
-
cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1.6